
SPKI/SDSI (Simple Public Key Infrastructure/Simple Distributed Security Infrastructure)


dasan

Presentation Transcript


  1. SPKI/SDSI (Simple Public Key Infrastructure/Simple Distributed Security Infrastructure)
     • Given an Access-Control List (ACL) for a protected resource, and a collection of SPKI/SDSI certificates, our programs should determine whether a given principal (Public-Key) is authorized to access the protected resource.
     • The heart of the system is the closure program running on SDSI servers, which decides whether a Public-Key is a member of the Group it claims to belong to. For the sake of simplicity we use short symbols to denote the keys and the groups.

  2. A Simple Example
     • Let's take an FTP server as an example of a restricted resource, i.e. to get access to documents or software residing in /pub/ of the FTP server, the requester must produce a proof of membership of the ftp-users group defined in the ACL.
     • I will illustrate the problem with two cases.
     • In the first case the principal is a direct member of a group, so the problem is trivial.
     • In the second case the principal is not a direct member, so let's see what mechanism lets the principal get access to the resource.

  3. Vishwas’s groups
     [Figure: group membership tables. Headings shown: Vishwas’s Group, BARC’s Group, TIFR. Group names shown: Friends, BARC Emp, TIFR. Member names shown: Raja, Basant, Mesfin, Mehul, Siddharth, Manish, Samir, Dave.]

  4. Case 1
     [Diagram participants: Mehul, Vishwas’s SDSI Server, BARC’s SDSI Server, FTP Server]
     • A - Membership Query to Vishwas’s SDSI Server {Principal, Group Name}
     • B - Reply: TRUE, Certificate
     • C - Produce this certificate to gain access to the resource

  5. Case 2
     [Diagram participants: Siddharth, Vishwas’s SDSI Server, BARC’s SDSI Server, FTP Server]
     • A - Membership Query to Vishwas’s SDSI Server {Principal, Group Name}
     • B - Fail {Return Group Name}, e.g. BARC’s EMP
     • C - Get.Query.Vishwas {Ask Name binding Certs}
     • D - Reply {Certs}, e.g. BARC’s Employees
     • E - Membership.Query.BARC {Principal, Group Name}
     • F - Reply: TRUE, Cert
     • G - Produce this Cert to show BARC’s membership
     • H - Reply: TRUE, Cert
     • I - Produce this TOKEN to get access to the resource

  6. SPKI/SDSI Certs
     • Name Certs: { K, A, S, V }
     • Auth Certs: { K, S, D, T, V }
     • Certs as rewrite rules:
         K A → S
         K   S
     • K - issuer's Public Key
     • A - local name of K
     • S - subject - a term in T
     • D - delegation bit
     • T - authorization specification Tag
     • V - validity specification

  7. Composition of Certs
     A cert is written as a rewrite rule C = L → R.
     Let
         C1 = L1 → R1
         C2 = L2 → R2
     for example,
         K_A friends → K_A Bob myfriends
         K_A Bob → K_B
     If L2 is a prefix of R1 (which holds in the example above), i.e. R1 = L2 X for some string X (possibly empty), then the composition C3 = C1 ∘ C2 is computed as
         C3 = C1 ∘ C2 = L1 → (R1 ∘ C2) = L1 → R2 X
     If L2 is not a prefix of R1, then C1 ∘ C2 is undefined; otherwise C1 and C2 are said to be compatible.

  8. Examples
     • K_A Ted → K_B CarlJones Ted        (cert 5)
       Since K_B CarlJones → K_C          (cert 11)
       so K_A Ted → K_C Ted               (5 ∘ 11)
     • K_A friends → K_A Bob myfriends    (cert 9)
       Since K_A Bob → K_B                (cert 3)
       so K_A friends → K_B myfriends     (9 ∘ 3)

  9. Closure of a set of certs
     • The notion of the closure of a set of certificates is fundamental.
     • The closure contains all certificates that can be derived by composition from the given set of certificates.
     • It is denoted by C+.
     • It can be infinite, even if the input set of rules is finite.
     • What is useful to us is a finite subset of the closure, called the “name-reduction closure” C#.

  10. How to compute C#?
     • C = (L → R) is said to be reducing if |L| > |R|, where |X| denotes the length of the sequence X.
     • Important definition for convergence in C#: if C1 = (L1 → R1) is an arbitrary certificate and C2 = (L2 → R2) is a compatible reducing certificate, then C3 = C1 ∘ C2 = (L1 → R3) satisfies |R1| > |R3|.
     • Example:
         K Alice → K Verisign MIT AliceSmith
       a compatible reducing certificate is
         K Verisign → K_V
       which gives
         K Alice → K_V MIT AliceSmith

  11. Thus to compute the name reduction closure, we only perform rewritings that cause a reduction in the length of the right-hand side, until no more such re-writings can be done.

  12. Whole algorithm in 3 steps
     1. Initialize C’ to be the input set C of certificates.
     2. As long as C’ contains two compatible certificates C1 and C2 such that C2 is a reducing certificate and C3 = C1 ∘ C2 is not yet in C’, add C3 to C’.
     3. Return C’ as the computed value of C#.
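The composition rule and the three-step closure algorithm above, as an added Python example (not code from the presentation). It models name certs only, as (L, R) tuples of symbols, and ignores validity and auth certs; the FTP certificates and key names such as K_Vishwas are constructed here from the Mehul/Siddharth cases, while certs 5 and 11 are the ones on the Examples slide.

```python
from itertools import product

def compose(c1, c2):
    """Return C1 ∘ C2 = L1 -> R2 X when R1 = L2 X, else None (undefined)."""
    (l1, r1), (l2, r2) = c1, c2
    if r1[:len(l2)] != l2:           # L2 must be a prefix of R1
        return None
    return (l1, r2 + r1[len(l2):])   # replace prefix L2 by R2, keep X

def is_reducing(cert):
    left, right = cert
    return len(left) > len(right)    # |L| > |R|

def name_reduction_closure(certs):
    closure = set(certs)                            # step 1: C' = C
    changed = True
    while changed:                                  # step 2: add C1 ∘ C2
        changed = False
        for c1, c2 in product(tuple(closure), repeat=2):
            if not is_reducing(c2):
                continue                            # only reducing C2 is used
            c3 = compose(c1, c2)
            if c3 is not None and c3 not in closure:
                closure.add(c3)
                changed = True
    return closure                                  # step 3: C# = C'

def is_member(closure, group, key):
    """A key is in the group if the closure holds the rule group -> key."""
    return (group, (key,)) in closure

# Certs 5 and 11 from the Examples slide.
CERT_5 = (("K_A", "Ted"), ("K_B", "CarlJones", "Ted"))
CERT_11 = (("K_B", "CarlJones"), ("K_C",))

# Constructed certs for the FTP scenario (assumed, not from the slides).
FTP_USERS = ("K_Vishwas", "ftp-users")
CERTS = {
    (FTP_USERS, ("K_Mehul",)),                    # case 1: direct member
    (FTP_USERS, ("K_Vishwas", "BARC", "Emp")),    # case 2: via BARC's group
    (("K_Vishwas", "BARC"), ("K_BARC",)),         # Vishwas's name for BARC
    (("K_BARC", "Emp"), ("K_Siddharth",)),        # BARC's own membership cert
}

if __name__ == "__main__":
    closure = name_reduction_closure(CERTS)
    for key in ("K_Mehul", "K_Siddharth", "K_Dave"):
        print(key, is_member(closure, FTP_USERS, key))
```

The loop terminates because each composition with a reducing certificate produces a strictly shorter right-hand side, so only finitely many new rules can be added.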
